Two Ph.D. Students Named IISP Cybersecurity Fellows

Two Ph.D. students, Celine Irvene and Jenna McGrath, received funding from the IISP Cybersecurity Fellowship program to support their research during Spring '18. The selection of Irvene as the first Cybersecurity Fellow who focuses on robotic systems demonstrates the increasing demand for protecting robotic systems, as robots become prevalent in our factories, hospitals and homes. The support for McGrath's research on cyberattacks on electric grids, a second project on this topic funded by the IISP Cybersecurity Fellowship (see Fall '17 Fellow Leilei Xiong's research last semester), reflects the growing importance of protecting the electricity infrastructure against cyber-enabled attacks, and identifying vulnerabilities unaddressed by current policies.

The Cybersecurity Fellowship program supports unfunded and under-funded, emerging research so that outstanding Ph.D. students may do what they do best – take exceptional ideas from concept to proof. The Fellowship serves to motivate students with an advanced understanding of information assurance and cyberthreats to pursue innovative research without undue concern for lack of funds.

Irvene is a Ph.D. student in the School of Electrical and Computer Engineering with a concentration in cyber-physical systems security. She received both her M.S. in Electrical and Computer Engineering and B.S. in Computer Engineering from Georgia Tech. Irvene was selected as a CEED RISE Scholar as an undergraduate, and received the National Physical Science Consortium Fellowship as a graduate student. She is advised by Raheem Beyah, associate chair for strategic initiatives and innovation, and interim chair of the School of Electrical and Computer Engineering.

McGrath is a Ph.D. student in the School of Public Policy, with a focus on energy and environmental policy. She received her bachelor's degree in environmental policy and analysis in 2011 and her master's degree in energy analysis in 2012, both from Boston University. Upon graduation, she became a fellow at the Massachusetts Clean Energy Center, and then worked in research and business development at an energy storage start-up at Boston. She began her studies at Georgia Tech in 2013, and was selected as a fellow for the National Science Foundation Integrative Graduate Education and Research Traineeship Program (IGERT). There, she focused on nanomaterials for energy storage and conversion for two years. She was then selected as a Sam Nunn Security Program Fellow from 2015 to 2016. McGrath is currently advised by Valerie Thomas in the H.Milton Stewart School of Industrial & Systems Engineering.

About Their Research

Understanding and Addressing the Privacy Challenges of the IoT Era

Irvene's present research focuses on the security of robotics systems.

"I am building a HoneyBot, the first honeypot for robotic systems," said Irvene. "As the prevalence of remotely accessible robots grows for telesurgery, cyberwarfare, [and] home automation, so do the threats associated with their use."

According to Irvene, attacks on cyber-physical systems have already begun. Stuxnet, for example, was a malicious computer worm that famously damaged Iran's nuclear program. It targets the same programmable logic controllers that are used to control systems such as machinery on factory assembly lines, amusement park rides, or power plants. As robotic systems become more prevalent, the consequence of such attacks becomes increasingly severe.

"The HoneyBot will assist in the creation of threat models in the untouched domain of robotics security as well as monitor attacker’s actions 'inside' of a system in order to study their behavior, understand their capabilities, and provide behavioral fingerprints that can be used for attribution of future attacks," she says.

Irvene first worked under Beyah's supervision in a Georgia Tech summer research experience program, after earning the highest overall average in Beyah's class, Introduction to Computer Security. "[Irvene] has distinguished herself as an extremely bright student and a creative, thorough and capable researcher," said Beyah. "Specifically, [Irvene]'s summer research project involved the development of a novel, robust, and effective method to passively fingerprint IoT devices using traffic characterization techniques. This effort required a diverse spectrum of talents, ranging from having a solid networking and security background to having excellent programming skills." Irvene now continues her research as a Ph.D. student in Beyah's research group.

"Receiving this award is exciting because it will enable me to focus on my research, expanding the prototype HoneyBot system to make it more robust as well as pursue other interesting projects as they arise," said Irvene.

Cyber-Physical Security Policy for the Electric Grid: What Has Been the Policy Response, and How Effective Is It?

McGrath's dissertation research focuses on the evolution of targeted physical and cyber attacks against U.S. electricity infrastructure, and how federal funding and policies react to improve grid resiliency and security.

"My research considers significant outages and unusual incidents on the grid caused by weather events, technical failures, and malicious physical and cyberattacks," said McGrath. "I then evaluate how the characteristics of these incidents affect policy interventions and funding allocations at the federal level. In particular, is there a difference in policy response and subsequent funding when the incident is related to a confirmed or suspected attack versus a weather-related outage? Furthermore, I seek to determine whether these policy improvements will actually help prevent and deter future physical and cyber attacks, especially as methods and motivations for attacks are becoming more sophisticated. I am particularly interested in researching the risk of cyber-enabled physical attacks given past physical and cyber attacks and the ensuing policy responses."

According to McGrath, her research can help better assess the metrics of attacks on electricity infrastructure in the U.S. and the policy response. It can further explore the vulnerable aspects left unaddressed and potential targets in more complex future attacks.

"[McGrath] is able to address a type of question that others are not," said Valerie Thomas, McGrath's academic advisor. "The vulnerability of the electric grid to cyberattacks has significant public policy applications, with potential for identifying a range of local to national scale measures that could improve the security of the grid, as well as to identify gaps or mismatches between utility or regulator security actions and the risk profile."

"Receiving this award allows me to focus more of my research on the risk of cyber-enabled physical attacks on the electric grid. Additionally, inclusion in the Cybersecurity Fellowship program will allow me to communicate, collaborate, and learn from the program’s participating faculty, excelling my policy-based research further and adding novel computing, cybersecurity, and other interdisciplinary perspectives and techniques to my work," said McGrath.